diff options
| author | Douwe Maan <douwe@gitlab.com> | 2015-03-27 11:38:22 +0100 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-04-02 10:56:04 +0200 |
| commit | ca58e369c9f2a72402cfcf4d86d29c115b1b909c (patch) | |
| tree | 1168d4560477212520ba9d9d022779665a797722 /app | |
| parent | b1ef1aa59f5ccb78be6d2462b56ed6bafebe65c0 (diff) | |
| download | gitlab-ce-ca58e369c9f2a72402cfcf4d86d29c115b1b909c.tar.gz | |
Only allow user to reference objects they have access to.
Diffstat (limited to 'app')
| -rw-r--r-- | app/helpers/gitlab_markdown_helper.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/helpers/gitlab_markdown_helper.rb b/app/helpers/gitlab_markdown_helper.rb index 7ca3f058636..a4157d62533 100644 --- a/app/helpers/gitlab_markdown_helper.rb +++ b/app/helpers/gitlab_markdown_helper.rb @@ -19,7 +19,7 @@ module GitlabMarkdownHelper escape_once(body) end - gfm_body = gfm(escaped_body, @project, html_options) + gfm_body = gfm(escaped_body, @project, current_user, html_options) gfm_body.gsub!(%r{<a.*?>.*?</a>}m) do |match| "</a>#{match}#{link_to("", url, html_options)[0..-5]}" # "</a>".length +1 |